HOWTO: Wireless Security - WPA1, WPA2, LEAP, etc.

This guide was tested with:

Jaunty Jackalope (9.04)
Oneiric Ocelot (11.10)
--
Since it appears that very few people take wireless security seriously, I'd like to come up with my first HOWTO and explain how I was able to configure a secure home network using WPA2, the latest encryption & authentication standard. There are also other types of configuration (WPA1, mixed mode, LEAP, PEAP, DHCP, etc.) shown in the appendix. Feedback is much appreciated.

Common stumbling blocks - Make sure that:
1. Ethernet cable is unplugged.
2. No firewall & configuration tool is running (e.g. Firestarter).
3. MAC filtering is disabled.
4. NetworkManager, Wifi-Radar & similar wireless configuration tools are disabled/turned off and not in use.
5. Some cards/drivers (e.g. Madwifi) do not support WPA2 (AES). Try WPA1 (TKIP) if WPA2 secured connections fail.
6. Set router to BG-Only if using ndiswrapper (and perhaps Broadcom 43xx as I don't know about others).

address, netmask, [..], dns-nameservers:
Also self-explanatory... Be aware that "broadcast" needs to end with ".255" for negotiation with the router. These lines need to be according to your own (static) network settings. For DHCP see further below.

wpa-driver:
Use "wext" only. All other drivers are outdated and no longer used.

Re: WPA2 / RSN, NDiswrapper, Static IP, Hidden ESSID, WUSB54G V4

How to adapt this to WPA(1)?

I got everything set up and running OK, except that it is not automated even though I included the wpa_supplicant command in /etc/network/interfaces, so every time I start my computer I need to run wpa_supplicant manually and then dhclient manually as well in order to access the internet. Any idea why automation is not working?

I have never bothered to set up wpa_supplicant outside of "interfaces" because I don't think it is nice. So I cannot give you any advice there. However, I am having a similar issue as you whereby I need to initialize my wireless network at startup, then immediately bring it down & restart it. For some reason the network would remain disconnected if I did not restart it.

So my advice is to follow post #2 and restart the network during the boot process. Not sure if this is a bug but I have not found a solution ever since.

Re: WPA2 / RSN, NDiswrapper, Static IP, Hidden ESSID, WUSB54G V4

@weiman01,

Hi again weiman01... I reinstalled Edgy just to get a fresh start and tried to use this guide to set up my Interfaces file and not use the wpa_supplicant.conf file. If you recall I did have the wpa_supplicant.conf file working and connecting but I wanted to go your route with the Interfaces file.

Good news and bad... My (Linksys wpc54gs) lsbcmnds drivers work fine and report as installed and present, card lights up and flashes connectivity, "iwlist wlan0 scan" reports my AP info correctly (encryption on, correct ESSID ****, etc...). I have a wireless signal meter on the taskbar at 100%.
This is with the Networking GUI though... and an /etc/init.d/network restart reports the key is wrong (obviously... no wpa- in front of any items in the Interfaces file yet).

After setting up your/my Interfaces file (see below):

No internet access, can't get a ping reply from my AP, iwlist wlan0 scan shows no results.
I have the Interfaces file shown below taken from this HOWTO (my IPs are different):

I tried enabling wireless via the GUI. Are you also using the Networking GUI and enabling your wireless there also? When I do and I enter the basic information it writes in to the bottom of your/my Interfaces file this:

And if I just use your/my config file exactly as you wrote it, "/etc/init.d/network restart" reads the Interfaces file OK but still no connection... like it is not communicating with wpa_supplicant... or my router... router is set up correctly though.
iwconfig shows not associated with AP (of course).
iwlist wlan0 scan shows no results.

Your file seems to be the closest I have got to getting this going...no errors when I "/etc/init.d/network restart"...just says Reconfiguring then OK which is great.

Using just a basic Interfaces file with no security "iwlist wlan0 scan" reports my AP info correctly (encryption on, correct ESSID ****, etc...) I have a wireless signal meter on the taskbar 100%...

I am missing something...

Any ideas? I don't want to take a lot of your time but if you can think of anything I am missing let me know.

Re: WPA2 / RSN, NDiswrapper, Static IP, Hidden ESSID, WUSB54G V4

Success!

I was using my 64 char hex key from my router (WPA-PSK AES) and not using the directions on page 4 of your instructions. I entered my hex key and it would not work in the Network-Applet Hex box or in the Interfaces file. It seems I have to use an ASCII pass-phrase like BillyBob on my router and then in the Network-Applet enter my info and then run wpa_passphrase <my-essid> <BillyBob (my ascii-key)> to generate a psk hex key... this new key is entered into your Interfaces file like you state on page 4.

Let me experiment with this a little and get back to you... gonna try to use my hex key as an ASCII key and regenerate it.
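
The passphrase-to-PSK step discussed in the post above, as an added example that is not part of the original thread: wpa_passphrase applies the standard WPA-Personal mapping (PBKDF2-HMAC-SHA1, ESSID as salt, 4096 iterations, 32-byte output), so the same passphrase gives a different hex key on every ESSID. The function names and the sample ESSIDs and passphrases are constructed for illustration.

```python
import hashlib
import string

HEX_DIGITS = set(string.hexdigits)


def derive_psk(essid: str, passphrase: str) -> str:
    """Map an ASCII passphrase to the 256-bit PSK, returned as 64 hex digits."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = essid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("ESSID must be 1..32 bytes")
    # The ESSID is the salt: renaming the network invalidates a stored hex PSK.
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)
    return key.hex()


def resolve_key(essid: str, key: str) -> tuple:
    """Classify a configured key and return (kind, psk_hex).

    Exactly 64 hex digits is taken as a raw PSK and used unchanged;
    anything else must be a valid passphrase and is derived.
    """
    if len(key) == 64 and all(c in HEX_DIGITS for c in key):
        return ("raw-psk", key.lower())
    return ("passphrase", derive_psk(essid, key))


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for essid, key in [("HomeNet", "BillyBob"), ("HomeNet2", "BillyBob")]:
        kind, psk = resolve_key(essid, key)
        print(f"{essid:10s} {kind:10s} {psk}")
    try:
        resolve_key("HomeNet", "short")
    except ValueError as err:
        print("rejected:", err)
```

The hex PSK is key-equivalent to the passphrase for that one ESSID, so a file that stores it needs the same restrictive permissions as one holding the passphrase itself.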